How to check WordPress plugins and themes vulnerability

So far we have been discussing different problems regarding WordPress which can pop up while using some plugins and/or themes. Now let's see how to check their vulnerabilities to make sure your website is safe and without problems. Perhaps even WordPress core can have vulnerabilities.
Besides regularly updating your WordPress CMS, its plugins and themes to the latest versions, it's also recommended to check their vulnerabilities, maybe even before you install some of them on your blog. To do so, you don't even need to be a guru or check the files and their code. Like many other things, even this checkup is simplified by the WPScan Vulnerability Database website, where you can enter the name of a plugin or theme to search whether there are any reported vulnerabilities. Then if you find one, click on its name in the list to see the details and how vulnerable or risky it is.

I hope this little tutorial will save you some time and lower your risks. If you know of a similar tactic, please share it here.

July 7, 2016, 11:46 am
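One way to automate the first half of the checkup described in this post, as an added example that is not code from the original post: read the installed version of each plugin from the same `Plugin Name:` / `Version:` header fields WordPress itself parses, then compare it against the "fixed in" version of each advisory. The plugin files and advisory entries below are constructed samples with fictional slugs; in practice the advisory list would be filled from entries found in the WPScan Vulnerability Database.

```python
"""Inventory WordPress plugin versions and flag ones that predate a known fix.
Added example; every plugin file and advisory below is a constructed sample."""
import re

# Constructed main-file contents for three fictional plugins, keyed by slug.
SAMPLE_PLUGINS: dict[str, str] = {
    "example-gallery": "<?php\n/**\n * Plugin Name: Example Gallery\n * Version: 2.3.1\n */\n",
    "example-forms": "<?php\n/*\nPlugin Name: Example Forms\nVersion: 1.9.4\n*/\n",
    "example-seo": "<?php\n/*\nPlugin Name: Example SEO\nVersion: 4.0\n*/\n",
}

# Constructed advisory entries: affected slug, title, first version with the fix.
SAMPLE_ADVISORIES: list[dict[str, str]] = [
    {"slug": "example-gallery", "title": "Constructed sample issue A", "fixed_in": "2.3.2"},
    {"slug": "example-forms", "title": "Constructed sample issue B", "fixed_in": "1.10"},
]

def parse_plugin_header(php_source: str, field: str) -> str:
    """Read one header field the way WordPress does: the field name at the start
    of a comment line (after optional ' ', '*', '/', '#', '@'), then a colon."""
    pattern = r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    match = re.search(pattern, php_source, re.MULTILINE | re.IGNORECASE)
    return match.group(1).strip() if match else ""

def version_tuple(version: str) -> tuple[int, ...]:
    """Turn '1.9.4' into (1, 9, 4); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_older(installed: str, fixed_in: str) -> bool:
    """True if installed predates fixed_in; zero-padding keeps '1.10' > '1.9.4'."""
    a, b = version_tuple(installed), version_tuple(fixed_in)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def inventory(plugins: dict[str, str]) -> dict[str, str]:
    """Map plugin slug -> installed version string read from its header."""
    return {slug: parse_plugin_header(src, "Version") for slug, src in plugins.items()}

def check_plugins(installed: dict[str, str], advisories: list[dict[str, str]]) -> list[str]:
    """One finding line per advisory whose plugin is installed below the fix."""
    findings = []
    for adv in advisories:
        version = installed.get(adv["slug"])
        if version and is_older(version, adv["fixed_in"]):
            findings.append(f"{adv['slug']} {version}: {adv['title']} (fixed in {adv['fixed_in']})")
    return findings

if __name__ == "__main__":
    for line in check_plugins(inventory(SAMPLE_PLUGINS), SAMPLE_ADVISORIES):
        print(line)
```

On a real site the `SAMPLE_PLUGINS` dictionary would be built by reading the main `.php` file of each directory under `wp-content/plugins/`; the version comparison deliberately avoids plain string comparison, which would wrongly rank `1.9.4` above `1.10`.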

Responses (7)

That website is pretty sweet. I never thought about the plugins having vulnerabilities. I know that WP has had some problems in the past where hackers could take advantage of vulnerabilities within the WP dashboard itself, but not the plugins.

How many people have had problems with their plugins being the source of a hack?

Interesting. I've never personally had a WP site hacked from a plugin vulnerability before. Usually it's been hacked because of a WP core vulnerability. And in most cases it's been hacked via the XML-RPC (xmlrpc.php) file, which I now disable on all my WP sites. It does come with some drawbacks when you disable XML-RPC because it's used for so many legitimate things, but since doing so, I've never had any of my WP sites hacked. You can read more about it on the Wordfence blog, in the post on whether you should disable XML-RPC on WordPress.

But I'll try to remember that site when I next want to use a plugin that looks good but I'm unsure about. So I can just search the site for the plugin's name, right, and it will tell me if that plugin has been reported or not and what the vulnerabilities (if any) are with it, right?

Fully agree, I am along those lines too. I am not much of an expert, and I am finding it really helpful that these tutorials are made with people such as us in mind. They are relevant and helpful, and explained very well. Thanks Anwebservices.

Yes, definitely. I am far from being technical, believe me. Although thanks to these discussions I learnt some technical things by reading and trying to understand a bit more. I wish I was more conversant with certain things that many others seem to be experts at, but alas, I am not that good at that.

Yes, I am also learning loads here, which is great. What I enjoy is that the members here take the time to answer my questions about the technical things I don't understand, which helps me to understand things better. Ok, well, sometimes it just makes me more confused and makes me realize that I will never understand some things...